DoH is tricky to block since it’s just using https on port 443. The only options are blocklists of known servers and attempting to detect it with deep packet inspection.
Comment on Samsung brings ads to US fridges
MangoPenguin@lemmy.blahaj.zone 4 weeks agoMaybe block the DoH endpoint and in theory the device might fall back to normal DNS, dunno if that would work.
cmnybo@discuss.tchncs.de 4 weeks ago
MangoPenguin@lemmy.blahaj.zone 4 weeks ago
Yeah gotta inspect the traffic and block whatever hostnames it uses.
WhyJiffie@sh.itjust.works 4 weeks ago
and also block outgoing connections to port 53 when it’s not the pihole device’s allowed IP